update.exe

Safe Monitor

Western Web Applications, LLC

This is part of an adware program designed to inject advertising in the web browser (banners, text-links) as well as modify the normal behavior of the browser. Part of the Injekt brand of unwanted programs. The application update.exe, “SafeMonitor Install” by Western Web Applications has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software.
Publisher:
Western Web Applications, LLC  (signed and verified)

Product:
Safe Monitor

Description:
SafeMonitor Install

Version:
1.0.0.0

MD5:
bd72656758736a1b4366368645869199

SHA-1:
19daf67b66c35ab893e510bd54deba2a7409c3c0

SHA-256:
e819769dc2dec33f0d055aa483d0a1982d4899fcac76e81f71ebd8fdddf0212c

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser as well as alters the browsers settings (home page, search, DNS, and security protocols).

Analysis date:
12/25/2024 1:22:30 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Injekt (M)
16.12.28.11

File size:
2.3 MB (2,408,272 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © Western Web Applications, LLC 2014

Original file name:
SafeMonitorInstall.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\ProgramData\safemonitor\up\2.7.41\update.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/2/2014 8:00:00 PM

Valid to:
6/3/2015 7:59:59 PM

Subject:
CN="Western Web Applications, LLC", O="Western Web Applications, LLC", L=Del Mar, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2846A7B6FF6C3C84D2AC5AD12B664347

File PE Metadata
Compilation timestamp:
10/1/2014 9:37:27 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

Entry address:
0x24B8CE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.9993

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
2.3 MB (2,398,720 bytes)

Remove update.exe - Powered by Reason Core Security